001    /*
002     * Copyright (c) 2002-2005 the original author or authors.
003     * 
004     * Licensed under the Apache License, Version 2.0 (the "License"); you may not
005     * use this file except in compliance with the License. You may obtain a copy of
006     * the License at
007     * 
008     * http://www.apache.org/licenses/LICENSE-2.0
009     * 
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
012     * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
013     * License for the specific language governing permissions and limitations under
014     * the License.
015     */
016    package org.springframework.richclient.security;
017    
018    import org.springframework.security.SpringSecurityException;
019    import org.springframework.security.Authentication;
020    import org.springframework.security.AuthenticationManager;
021    
022    /**
023     * This interface defines the operations required of an Application Security Manager for
024     * the RCP framework. The security manager is responsible for handling login and logout
025     * requests, interacting with the {@link org.springframework.security.AuthenticationManager} that
026     * will perform the actual user authentication, and firing the events associated with
027     * the application security lifecycle. See {@link ClientSecurityEvent} and its subclasses.
028     * <p>
029     * The Security Manager is available as an application service via
030     * {@link org.springframework.richclient.application.ApplicationServices#getSecurityManager}.
031     * <p>
032     * See {@link SecurityAwareConfigurer} for more details on how to configure components for
033     * automatic notification of security events.
034     * 
035     * @author Larry Streepy
036     * @see org.springframework.richclient.security.support.DefaultApplicationSecurityManager
037     * @see AuthenticationAware
038     * @see LoginAware
039     * @see SecurityAwareConfigurer
040     * 
041     */
public interface ApplicationSecurityManager {

    /**
     * Attempts a login with the supplied token and fires every related security event.
     * <p>
     * On failure an {@link AuthenticationFailedEvent} is published and the exception is
     * rethrown to the caller. On success an {@link AuthenticationEvent} is published
     * first, followed by a {@link LoginEvent}.
     * <p>
     * The returned token is the result of the authentication call, so callers should
     * treat it, rather than the token they passed in, as the record of who is logged in.
     *
     * @param authentication token to use for the login attempt
     * @return the token produced by a successful call to
     *         {@link AuthenticationManager#authenticate(org.springframework.security.Authentication)}
     * @throws SpringSecurityException if the authentication attempt fails
     */
    Authentication doLogin(Authentication authentication) throws SpringSecurityException;

    /**
     * Reports whether a user is currently logged in, meaning that an earlier call to
     * {@link #doLogin(Authentication)} resulted in a valid authentication request.
     *
     * @return {@code true} if a user is logged in
     */
    boolean isUserLoggedIn();

    /**
     * Returns the authentication token of the user who is currently logged in.
     * <p>
     * The result is {@code null} when nobody is logged in, so callers must check for
     * that before dereferencing the token.
     *
     * @return the authentication token, or {@code null} if not logged in
     */
    Authentication getAuthentication();

    /**
     * Determines whether the currently authenticated user has the given role.
     * <p>
     * This interface does not say what happens when no user is logged in.
     * NOTE(review): implementations presumably answer {@code false} in that case;
     * confirm against the implementation in use.
     * <p>
     * NOTE(review): this check runs inside the client application, so it is presumably
     * meant for enabling or hiding features in the UI. Any service the client calls
     * still has to enforce its own authorization.
     *
     * @param role the role to check
     * @return {@code true} if the user has the requested role
     */
    boolean isUserInRole(String role);

    /**
     * Performs a logout.
     * <p>
     * The current authentication token is set to {@code null} in both the per-thread
     * security context and the global context. An {@link AuthenticationEvent} is then
     * published, followed by a {@link LogoutEvent}.
     *
     * @return the authentication token that was in place before the logout
     */
    Authentication doLogout();

    /**
     * Sets the authentication manager that will handle authentication requests.
     * <p>
     * NOTE(review): the manager decides which credentials are accepted, so it should
     * presumably be wired once during application configuration. Confirm how
     * implementations treat a later replacement.
     *
     * @param authenticationManager instance to use for authentication requests
     */
    void setAuthenticationManager(AuthenticationManager authenticationManager);

    /**
     * Returns the authentication manager currently in use.
     *
     * @return the instance used for authentication requests
     */
    AuthenticationManager getAuthenticationManager();
}